Reviewing Android Webviews fileAccess attack vectors
https://updatesinfosec.blogspot.com/2018/05/reviewing-android-webviews-fileaccess.html
In summary:
WebViews are a crucial part of many mobile applications and there are some security aspects that need to be taken into account when using them. File access is one of those aspects. For the implementation of some checks in our security tool Droidstatx, I’ve spent some time understanding all the details and noticed that not all attack vectors are very clear, especially in their requirements.
WebView file access is enabled by default. Since API 3 (Cupcake 1.5) the method setAllowFileAccess() is available for explicitly enabling or disabling it. [...]
Kindly refer to the following link as a follow-up:
https://ift.tt/2IKRBz7
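A source-level check for the default described above, as an added example (not Droidstatx's code and not from the original post): it flags Java sources that use a WebView without explicitly calling setAllowFileAccess(false). The function name `audit_file_access`, the sample sources and the `target_sdk` handling are assumptions of this example.

```python
import re
from typing import NamedTuple

class Finding(NamedTuple):
    path: str
    status: str  # "default-enabled", "explicitly-enabled" or "non-constant"

WEBVIEW_USE = re.compile(r"\bWebView\b")
# The trailing "(" keeps setAllowFileAccessFromFileURLs() from matching.
FILE_ACCESS_CALL = re.compile(r"\.setAllowFileAccess\s*\(\s*([^)]*?)\s*\)")
# Naive comment stripping: a "//" inside a string literal also cuts the line.
COMMENTS = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)

def audit_file_access(sources, target_sdk=29):
    """Return findings for sources where WebView file access may be on."""
    findings = []
    for path, text in sorted(sources.items()):
        code = COMMENTS.sub("", text)  # a commented-out call protects nothing
        if not WEBVIEW_USE.search(code):
            continue
        args = FILE_ACCESS_CALL.findall(code)
        if "true" in args:
            findings.append(Finding(path, "explicitly-enabled"))
        elif any(a != "false" for a in args):
            findings.append(Finding(path, "non-constant"))  # needs manual review
        elif not args and target_sdk < 30:
            # The page states file access is on by default. Added here, not
            # from the page: apps targeting API 30+ default to off.
            findings.append(Finding(path, "default-enabled"))
    return findings

# Constructed sample sources, not taken from any real application.
SAMPLE_SOURCES = {
    "Browser.java": "WebView wv = new WebView(this);\nwv.loadUrl(url);\n",
    "Help.java": "WebView wv = new WebView(this);\n"
                 "wv.getSettings().setAllowFileAccess(true);\n",
    "Legacy.java": "WebView wv = new WebView(this);\n"
                   "// wv.getSettings().setAllowFileAccess(false);\n",
    "Login.java": "WebView wv = new WebView(this);\n"
                  "wv.getSettings().setAllowFileAccess(false);\n",
    "Preview.java": "WebView wv = new WebView(this);\n"
                    "wv.getSettings().setAllowFileAccess(BuildConfig.DEBUG);\n",
    "Util.java": "class Util { static int add(int a, int b) { return a + b; } }\n",
}

if __name__ == "__main__":
    for finding in audit_file_access(SAMPLE_SOURCES):
        print(f"{finding.path}: {finding.status}")
```
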
